I am having problems with the following insert command:
Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name,
Work_Code, Work_Code_ID) VALUES ('Payment_ID',' " & _
lstrCode & " ',' "& txtID.Text & " ')"
The problem occurs when the string variable lstrCode contains a string with
an ' in it like Dave's House. I thought I could replace the ' with ''' to
solve the problem but this didn't solve it. Any ideas? 4 1399
David A. Osborn wrote: I am having problems with the following insert command:
Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name, Work_Code, Work_Code_ID) VALUES ('Payment_ID',' " & _ lstrCode & " ',' "& txtID.Text & " ')"
The problem occurs when the string variable lstrCode contains a string with an ' in it like Dave's House. I thought I could replace the ' with ''' to solve the problem but this didn't solve it. Any ideas?
To fix the problem you have to refer to your database of choice. For
example mysql you insert the ' by inserting a /' instead. Not sure what
it is for other databases.
Chris
Use SqlParameters
Change your SQL Insert stmt to: Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name, Work_Code, Work_Code_ID) VALUES (?,?,?)"
then add three parameters to your command, one for each of the actual
values. The OleDb adapter will figure out the correct way to send the
quoted string, and you won't have to worry about SQL Injection attacks from
your friendly neighborhood hacker.
--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster http://blogs.msdn.com/nickmalik
Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
--
"David A. Osborn" <do********@hotmail.com> wrote in message
news:VCdKe.238048$_o.7044@attbi_s71...I am having problems with the following insert command:
Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name, Work_Code, Work_Code_ID) VALUES ('Payment_ID',' " & _ lstrCode & " ',' "& txtID.Text & " ')"
The problem occurs when the string variable lstrCode contains a string with an ' in it like Dave's House. I thought I could replace the ' with ''' to solve the problem but this didn't solve it. Any ideas?
Its an access db.
"Chris" <no@spam.com> wrote in message
news:ur**************@TK2MSFTNGP14.phx.gbl... David A. Osborn wrote: I am having problems with the following insert command:
Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name, Work_Code, Work_Code_ID) VALUES ('Payment_ID',' " & _ lstrCode & " ',' "& txtID.Text & " ')"
The problem occurs when the string variable lstrCode contains a string with an ' in it like Dave's House. I thought I could replace the ' with ''' to solve the problem but this didn't solve it. Any ideas?
To fix the problem you have to refer to your database of choice. For example mysql you insert the ' by inserting a /' instead. Not sure what it is for other databases.
Chris
This doesn't seem to work if I do
Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name,
Work_Code, Work_Code_ID) VALUES (?,?,?)"
Me.OleDbInsertCommand1.Parameters("Type_Name").Val ue = "WorkCode_ID"
Me.OleDbInsertCommand1.Parameters("Work_Code").Val ue = txtCode.text
Me.OleDbInsertCommand1.Parameters("Work_Code_ID"). Value = txtID.text
Instead of the Type_Name being inserted into the DB as the string
WorkCode_ID it is always null. The other two values go in fine.
"Nick Malik [Microsoft]" <ni*******@hotmail.nospam.com> wrote in message
news:C7********************@comcast.com... Use SqlParameters
Change your SQL Insert stmt to: Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name, Work_Code, Work_Code_ID) VALUES (?,?,?)"
then add three parameters to your command, one for each of the actual values. The OleDb adapter will figure out the correct way to send the quoted string, and you won't have to worry about SQL Injection attacks from your friendly neighborhood hacker.
-- --- Nick Malik [Microsoft] MCSD, CFPS, Certified Scrummaster http://blogs.msdn.com/nickmalik
Disclaimer: Opinions expressed in this forum are my own, and not representative of my employer. I do not answer questions on behalf of my employer. I'm just a programmer helping programmers. -- "David A. Osborn" <do********@hotmail.com> wrote in message news:VCdKe.238048$_o.7044@attbi_s71...I am having problems with the following insert command:
Me.OleDbInsertCommand1.CommandText = "INSERT INTO lutLookup(Type_Name, Work_Code, Work_Code_ID) VALUES ('Payment_ID',' " & _ lstrCode & " ',' "& txtID.Text & " ')"
The problem occurs when the string variable lstrCode contains a string with an ' in it like Dave's House. I thought I could replace the ' with ''' to solve the problem but this didn't solve it. Any ideas? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: 73blazer |
last post by:
Hello,
I'm looking for a way to make some of my insert templates more readable
by placing comments in between the values. I cannot seem to find a way
to do this with DB2, is there a way? I'm...
|
by: alexmaster_2004 |
last post by:
hi
i have made an application using C# that access sql2000.
this application is just used to insert data to the database.
i use something like this in my code:
//
string colmnA = TextBox1.Text;...
|
by: Shapper |
last post by:
Hello,
I have created 3 functions to insert, update and delete an Access
database record. The Insert and the Delete code are working fine.
The update is not. I checked and my database has all...
|
by: Ed Dror |
last post by:
Hi there,
I have ASP
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Guestbook.aspx.vb"
Inherits="Guestbook" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
|
by: Kevin Lawrence |
last post by:
Hi all
I want to do "INSERT INTO Table (Blob) Values('blobdataasstring')".
...rather than using the parameter driven method, is it possible? And if so
what encoder do I use to convert the...
|
by: Steven Blair |
last post by:
Hi,
Would be grateful if anyone with a high understanding of the
SqlDataSource and FormView could have a look at my example and my
problems.
This has really been puzzling me for some time, and...
|
by: mabond |
last post by:
Hi
VB.NET 2005 Express edition
Microsoft Access 2000 (SP-3)
Having trouble writing an "insert into" command for a Microsoft table I'm
accessing through oledb.
I've tried to follow the same...
|
by: skanemupp |
last post by:
in this program when using the "c"-button it deletes the last token
entered. i want to delete the token after the mousecursor.
lets say the string is: 12*(81**.5+12) and i put the cursor between...
|
by: =?Utf-8?B?bXBhaW5l?= |
last post by:
Hello,
I am completely lost as to why I can't update a DropDownList inside a
DetailsView after I perform an insert into an object datasource. I tried to
simply it down to the core demostration:...
|
by: anu b |
last post by:
Hi
I need to use Clr trigger for insert command
My code is as below
I am using SQL server 2005 and VS 2008.... but after running this
code
i didnt get the result as i expexted it shows the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |